Uploaded image for project: 'MariaDB Server'
  1. MariaDB Server
  2. MDEV-8238

Tables with encryption=yes using file_key_management plugin are not encrypted

    Details

      Description

      Effect file_key_management_plugin where first tables with key_id 1-4 are created, then key_id is changed in all tables to 5. Restart server with different key file where keys 1-4 are deleted and new key_id 6-9 are introduced but naturally key 5 remains the same. Idea is to alter tables back to use changed keys for key_ids 6-9.

        Gliffy Diagrams

          Attachments

          1. innodb_page_encryption_key_change.test
            5 kB
          2. keys2.txt
            0.2 kB
          3. keys3.txt
            0.2 kB
          4. keys4.txt
            0.2 kB

            Activity

            Hide
            jplindst Jan Lindström added a comment -

            Actual keys can be changed as long the key_id does not change.

            Show
            jplindst Jan Lindström added a comment - Actual keys can be changed as long the key_id does not change.
            Hide
            jplindst Jan Lindström added a comment -
            150527 12:10:56 [ERROR] InnoDB: Tablespace id 9 encrypted but encryption service not available. Can't continue opening tablespace.
            
            2015-05-27 12:10:56 7f69cdbbe780  InnoDB: Assertion failure in thread 140092399937408 in file ha_innodb.cc line 21135
            

            Problem is that key_id 1 can't be removed.

            Show
            jplindst Jan Lindström added a comment - 150527 12:10:56 [ERROR] InnoDB: Tablespace id 9 encrypted but encryption service not available. Can't continue opening tablespace. 2015-05-27 12:10:56 7f69cdbbe780 InnoDB: Assertion failure in thread 140092399937408 in file ha_innodb.cc line 21135 Problem is that key_id 1 can't be removed.
            Hide
            jplindst Jan Lindström added a comment -

            Key_id 1 is needed but tables are not really encrypted.

            Show
            jplindst Jan Lindström added a comment - Key_id 1 is needed but tables are not really encrypted.
            Hide
            jplindst Jan Lindström added a comment -

            commit a25ccd4f83912e02091abe1cba8515266483559b
            Author: Jan Lindström <jan.lindstrom@mariadb.com>
            Date: Wed May 27 15:37:13 2015 +0300

            MDEV-8238: Tables with encryption=yes using file_key_management plugin are not encrypted

            Analysis: Problem was that encryption was skipped.

            Fixed by making sure that tables with ENCRYPTED=YES are encrypted.

            Show
            jplindst Jan Lindström added a comment - commit a25ccd4f83912e02091abe1cba8515266483559b Author: Jan Lindström <jan.lindstrom@mariadb.com> Date: Wed May 27 15:37:13 2015 +0300 MDEV-8238 : Tables with encryption=yes using file_key_management plugin are not encrypted Analysis: Problem was that encryption was skipped. Fixed by making sure that tables with ENCRYPTED=YES are encrypted.

              People

              • Assignee:
                jplindst Jan Lindström
                Reporter:
                jplindst Jan Lindström
              • Votes:
                0 Vote for this issue
                Watchers:
                2 Start watching this issue

                Dates

                • Created:
                  Updated:
                  Resolved: